Wise Health System Phishing Attack and PSL Services Email Breach

A phishing attack on Wise Health System in Decatur, TX that happened on March 14, 2019 resulted in the potential compromise of some protected health information (PHI) of 66,934 patients.

Wise Health System reported to the Department of Health and Human Services’ Office for Civil Rights last July 13, 2019 that the phishing attack affected 35,899 people. A data audit was started in June 2019 and just concluded recently. Based on the completed data audit, the total number of people affected has been updated. Wise Health System sent new notifications to affected patients starting on February 13, 2020.

In March 2019, a number of employees exposed their account credentials after responding to phishing emails. The attackers accessed the Employee Kiosk using the stolen credentials and tried to redirect about 100 payroll direct deposits.

Wise Health System identified the scam because of its security protocol requiring the issuance of two checks to employees after a change to direct deposit details. This security prevented the rerouting of direct deposit payments. The big number of April 5, 2019 printed checks raised a red flag and indicated unauthorized people had accessed its systems.

Password reset was done system-wide to block the attackers from accessing the system. Two third party computer forensics companies were hired to look into the breach. Wise Health System also reported the cyberattack to the FBI. According to the FBI investigators, the attackers were from Africa. The case is now closed.

Wise Health System, the FBI, and the two computer forensics companies are convinced that the attackers did not access patient information. The criminal groups responsible for these campaigns seem to be only interested in rerouting payroll direct deposits and not in data theft as these gangs have no such confirmed reports previously. Nevertheless, the attackers got email credentials that could allow them to view email accounts with PHI including names, medical insurance data, medical record numbers, diagnostic details, and treatment data.

As a safety precaution, Wise Health System offered the affected patients credit monitoring services, identity theft insurance coverage, and identity theft recovery via the ID Experts MyIDCare service for 1-2 years. After the breach, Wise Health System strengthened its cybersecurity posture with extra security measures.

Employee Email Account Breach at PSL Services

Peregrine Corporation, doing business as PSL Services, learned that unauthorized people have accessed the email accounts of a number of employees beginning December 16, 2019 up to December 19.

The company realized the breach after discovering suspicious activity in an employee’s email account. An independent computer forensics company was hired to look into the breach and confirmed the compromise of a number of email accounts.

The types of data included in the compromised email accounts differed from one patient to another. The compromised information included patient names, birth dates, driver’s license numbers, Social Security numbers, Medicare numbers, and medical information.

The compromised accounts are still under review to find out the names of affected patients. The breach investigation is not yet over and so there’s no final number of persons affected yet. Affected people received complimentary identity theft protection services. Written notifications for affected persons will be out at the earliest opportunity.

PSL Services is going over its security options and will employ more safety measures to avoid the same breaches from happening later on.